US10924371B2 - Method for monitoring a first node in a communications network and monitoring system - Google Patents
Method for monitoring a first node in a communications network and monitoring system Download PDFInfo
- Publication number
- US10924371B2 US10924371B2 US15/088,299 US201615088299A US10924371B2 US 10924371 B2 US10924371 B2 US 10924371B2 US 201615088299 A US201615088299 A US 201615088299A US 10924371 B2 US10924371 B2 US 10924371B2
- Authority
- US
- United States
- Prior art keywords
- node
- channel
- time values
- dual
- safety
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0823—Errors, e.g. transmission errors
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
- H04L43/106—Active monitoring, e.g. heartbeat, ping or trace-route using time related information in packets, e.g. by adding timestamps
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0706—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
- G06F11/0721—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment within a central processing unit [CPU]
- G06F11/0724—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment within a central processing unit [CPU] in a multiprocessor or a multi-core unit
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0751—Error or fault detection not based on redundancy
- G06F11/0754—Error or fault detection not based on redundancy by exceeding limits
- G06F11/0757—Error or fault detection not based on redundancy by exceeding limits by exceeding a time limit, i.e. time-out, e.g. watchdogs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04J—MULTIPLEX COMMUNICATION
- H04J3/00—Time-division multiplex systems
- H04J3/02—Details
- H04J3/06—Synchronising arrangements
- H04J3/0635—Clock or time synchronisation in a network
- H04J3/0638—Clock or time synchronisation among nodes; Internode synchronisation
- H04J3/0658—Clock or time synchronisation among packet nodes
- H04J3/0661—Clock or time synchronisation among packet nodes using timestamps
- H04J3/0664—Clock or time synchronisation among packet nodes using timestamps unidirectional timestamps
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0695—Management of faults, events, alarms or notifications the faulty arrangement being the maintenance, administration or management system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
- H04L43/0817—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0681—Configuration of triggering conditions
Definitions
- the invention relates to a method for monitoring a first node in a communications network and to a monitoring system.
- DE 10 2012 023 748 A1 discloses a method for synchronizing sensors, in which method a clock from a timer in the sensors is compared with a clock from a central timer in a control unit.
- DE 103 61 178 A1 discloses a communications network in which the nodes compare time offsets in time-stamped messages.
- EP 2 648 100 A1 discloses a process-monitoring device and an automation unit comprising such a device.
- the object of the invention can be considered that of providing an improved method for monitoring a first node in a communications network.
- the object of the invention can be considered that of providing an improved monitoring system.
- a method for monitoring a first node in a communications network determines at each of two consecutive time points a time value, which is based on an internal timer of the second node, and sends each determined time value to the first node via the communications network.
- the first node in response to each receipt of the sent time values, determines a further time value, which is based on a further internal timer of the first node, wherein the first node compares a difference between the two time values from the second node with a difference between the two further time values from the first node, wherein the first node goes into an error state depending on the comparison.
- a method for monitoring a first node in a communications network by a second node comprising the steps:
- a monitoring system comprising a first node and a second node in a communications network.
- the first node has a single-channel design comprising a processor, and is designed to execute a safety-oriented application.
- the second node has a dual-channel design comprising two processors, which monitor each other for malfunctions, and wherein a safety protocol is used for a data transfer between the first node and the second node on the communications network.
- the dual-channel second node further comprises an internal timer and a communications interface, wherein the one processor of the dual-channel second node is designed to determine a time value on the basis of the internal timer, and wherein the communications interface is designed to send the determined time values to the single-channel first node via the communications network.
- the first node comprises a further internal timer and a further communications interface, wherein the communications interface is designed to receive the time values from the dual-channel second node via the communications network, and wherein the processor of the single-channel first node is designed to determine, in response to each receipt of the sent time values from the dual-channel second node, a further time value based on the further internal timer, and to compare a difference between the two time values from the dual-channel second node with a difference between the two further time values from the single-channel first node, wherein the first node is designed to go into an error state depending on the comparison.
- FIG. 1 is a flow diagram of a method for monitoring a first node of a communications network
- FIG. 2 shows a system for monitoring a first node of a communications network
- FIG. 3 shows a node for a communications network
- FIG. 4 shows a further node for a communications network.
- a method for monitoring a first node in a communications network is provided.
- a system for monitoring a first node of a communications network comprising:
- a node for a communications network comprises:
- a node for a communications network comprises:
- the node that sends the time values to the further node via the communications network is referred to as the second node.
- the node that receives these time values is referred to as the first node.
- the prefix “further” is added to the timer, the communications interface and the processor of the first node.
- the invention includes in particular the idea that a second node of the communications network sends time values, which are determined at two consecutive time points, to the first node via the communications network.
- This first node forms a difference in these two time values, i.e. a delta ( ⁇ ).
- said first node itself determines further time values, which time values are associated with the respective receive times of the sent time values from the second node.
- the first node forms a corresponding difference, i.e. a delta ( ⁇ ), from the time values it has determined.
- the first node compares these two differences. The first node goes into an error state depending on the comparison.
- the determined time values are based on the internal timer of the first node and of the second node, comparing the corresponding differences in the time values advantageously makes it possible to check whether the two internal timers of the two nodes are running synchronously or whether the further internal timer of the first node is running faster or slower than the internal timer of the second node.
- the communications network does not need to comprise an additional, separate external master clock, in other words a separate external timer.
- the internal timer of the second node is used for this purpose.
- the sent time value therefore does not need to include an absolute date. This reduces a corresponding volume of data to be sent.
- the time value determined at a time point equals in particular a counter value, which is incremented or decremented on the basis of the internal timer of the first node or second node.
- the second node determines at two consecutive time points a corresponding counter value, and then sends these counter values to the first node.
- the first node itself determines at the respective receive times of these counter values an internal counter value of a further internal counter of the first node, which is incremented or decremented on the basis of the further internal timer.
- the respective timers provide a clock, for instance a millisecond clock, for the incrementing or decrementing.
- the two internal timers of the two nodes are running synchronously with each other, then the two counters should have been incremented or decremented by the same amount, within the bounds of accuracy given by measurement tolerances or random or systematic errors. If the two differences differ by a defined threshold value, however, it is assumed that the two internal timers are no longer running synchronously with each other, with one running faster or slower than the other. In this case it is then provided particularly that the first node goes into an error state. Said defined threshold value depends, for example, on the specific application.
- the threshold value for triggering the error state depends on a time resolution of the two internal timers.
- the smallest common unit of time of the two internal timers is preferably used, such as, for instance, 1 ms, particularly 10 ms or also preferably 100 ms, and the smallest common unit of time is increased by a percentage value, for example by 20%, particularly by 30%.
- a time safety margin is applied to the smallest unit of time.
- the increased common unit of time forms the threshold value. If the difference in two consecutive timer values or time values differs by more than the smallest common unit of time increased by the percentage value, so for instance by more than 20%, the error state is assumed and the first node hence goes into an error state.
- the time values from the second node are determined at a defined time interval from respective send times of the time values. This achieves in particular the technical advantage that any jitter in the timer generation can be minimized. This is by virtue of delaying until the defined time interval before the transmission of the time value, when the current time value or counter value of the counter is then used.
- the defined time interval lies particularly in the microsecond range, particularly in a range of 1 ⁇ s to 1000 ⁇ s, for example between 1 ⁇ s and 500 ⁇ s, in particular between 1 ⁇ s and 100 ⁇ s, preferably between 1 ⁇ s and 10 ⁇ s.
- the second node has a dual-channel design and the first node has a single-channel design.
- the dual-channel design In particular the second node has increased redundancy and reliability. Since the second node already has a dual-channel design, this need not necessarily also still be the case for the first node. It is sufficient in this case for said node to have a single-channel design. This simplifies a corresponding system design.
- the first node can be produced more cheaply. For example, it can be in the form of a standard “personal computer” (PC).
- PC personal computer
- the second node comprises two processors, in particular two microprocessors, for example two microcontrollers.
- the first node preferably comprises a single processor.
- the two processors of the second node are thus designed in particular to monitor each other for malfunctions. If one of the processors has a malfunction, the other processor of the second node can still perform functions of the first processor. Both processors are designed particularly to determine the relevant timer values or time values.
- the second node sends the time values to the first node regardless of any module error associated with an electronic module connected to the second node.
- the second node sends the time values to the first node even in the event of a module error.
- the first node can check its internal timer on the basis of the sent time values from the second node. This advantageously ensures that it is still possible to monitor the first node even in the event of a module error.
- an electronic module is an actuator or a sensor which is connected to the second node.
- the second node reads the sensor or controls the actuator. If an error occurs during the control operation or read operation, for example, this is referred to as a module error. In particular if the sensor or actuator has a malfunction, then this is also referred to in particular as a module error.
- a module error In particular if the sensor or actuator has a malfunction, then this is also referred to in particular as a module error.
- the second node regardless of such errors, determines or generates relevant time values and sends these time values to the first node via the communications network.
- a module error may include, for instance, a fault in external wiring for the module.
- the time value is thus still generated in particular regardless of such module errors.
- module errors can be detected by means of an input terminal and/or output terminal of a bus terminal system, where the terminals are nodes of the communications network.
- the communications network is an EtherCAT communications network.
- the communications network is a Fieldbus communications network, in particular it is a Profibus or a Profinet communications system.
- an automation system that comprises the system according to the invention.
- the automation system is, for example, part of a production facility, in particular of an industrial production facility.
- the automation system is part of a building automation system, for instance.
- a safety-oriented application is executed in the first node, or the first node, particularly the further processor, is designed to execute a safety-oriented application. This is done in particular on the basis of the further internal timer of the first node. This means thus in particular that the further internal timer of the first node adopts a timing clock for running or executing the safety-oriented application. It is particularly important here that the further internal timer of the first node works correctly, i.e. is running neither too slow nor too fast. This is because this is particularly important for timing characteristics of switch-on and/or switch-off delays, which are often used in safety-oriented applications.
- the comparison according to the invention of the time values i.e.
- comparing the corresponding differences can advantageously be used to ensure that the internal timer of the first node does not slow down or speed up inadmissibly, which could result in it no longer being possible to run correctly the safety-oriented application that is executed in the first node.
- the design of the first node to go into an error state depending on the comparison includes in particular the case in which the further processor of the first node is designed to go into an error state depending on the comparison.
- the error state means, for example, that execution of the safety application in the node is stopped, with communication to the external nodes also being suspended, for example, so that after a definable watchdog time, these nodes likewise switch into the safe state and switch off the outputs.
- the steps of determining the time value, sending the time value to the first node, and, in response to the receipt, the first node determining a further time value are performed, according to one embodiment, successively in a cyclical manner.
- the cycle corresponds to a data transfer cycle of the communications network.
- the time value or counter value to be sent is packaged or inserted into a message, which is sent to the first node via the communications network in accordance with the transfer cycle. It is preferably provided to delay determining the counter value or time value until a defined time interval from a message transmission, so that it is advantageously possible to send to the first node a counter value that is as recent as possible.
- the defined time interval lies in the microsecond range for instance. This achieves in particular the technical advantage that any jitter in generating or determining the time value or counter value can be minimized.
- FIG. 1 shows a flow diagram of a method for monitoring a first node of a communications network.
- a second node of the communications network determines at a first time point a time value based on an internal timer of the second node.
- This time value for example, corresponds to a counter value of an internal counter of the second node, where the internal counter is incremented or decremented in accordance with the clock provided by the internal timer.
- the second node sends the determined time value, so for instance the counter value at the first time point, to the first node via the communications network.
- the first node receives this time value, where in response to the receipt the first node determines a further time value according to a step 107 . This is done on the basis of a further internal timer of the first node.
- this further time value also corresponds to a counter value of an internal counter of the first node at the time of receiving the time value of the second node as given by the step 105 . This internal counter is incremented or decremented on the basis of the further internal timer.
- Steps 101 to 107 are performed successively in a cyclical manner.
- the cycle corresponds to a data transfer cycle of the communications network.
- the time value or counter value to be sent is packaged or inserted into a message, which is sent to the first node via the communications network in accordance with the transfer cycle. It is preferably provided to delay determining the counter value until a defined time interval from a message transmission, so that it is advantageously possible to send to the first node a counter value that is as recent as possible.
- the defined time interval lies in the microsecond range for instance. This achieves in particular the technical advantage that any jitter in generating or determining the time value or counter value can be minimized.
- the first node then has available two time values or counter values from the second node that were determined at two consecutive time points.
- the first node also has available two further time values or counter values, which correspond to those counter values at the respective receive times.
- the first node compares a difference between the two time values from the second node with a difference between the two further time values from the first node.
- the first node forms a difference between the two time values from the second node.
- the first node also forms a difference between the two further time values from the first node.
- the two differences should be equal. If, on the other hand, the further internal timer of the first node is running faster or slower than the internal timer of the second node, then there is disparity in the respective differences. Should this disparity be greater than a predetermined threshold value, it is provided according to step 111 that the first node goes into an error state.
- This threshold value depends in particular on the specific application and must take into account particularly parameters such as transfer rate, transmission path and jitter, for example. This is why there is the threshold value, because typically the ideal case rarely occurs in a real environment.
- the method according to the invention advantageously makes it possible for a second node of the communications network to monitor the first node to check that the internal timer of the first node is not running faster or slower than the internal timer of the second node.
- This is especially important and particularly advantageous in particular when a safety-oriented application is being executed in the first node and said execution is performed on the basis of a clock provided by the further internal timer.
- Such execution may be, for example, switching on or switching off specific actuators or final control elements that are controlled on the basis of the safety-oriented application.
- the communications network is a Fieldbus communications network.
- This Fieldbus is an EtherCAT Fieldbus, for example.
- the protocol that is used to send the time values to the first node via the communications network is a Safety over EtherCAT protocol, for instance.
- This protocol has the advantage in particular of being a SIL3-certified protocol, i.e. a safety protocol. It is generally provided according to one embodiment that communication via the communications network is performed on the basis of the Safety over EtherCAT protocol.
- FIG. 2 shows a system 201 for monitoring a first node of a communications network.
- the system 201 comprises a first node 203 and a second node 205 .
- the communications network 207 which is a Fieldbus communications network for instance
- the two nodes 203 , 205 each comprise a communications interface. Communication between the two nodes 203 , 205 is performed on the basis of a safety protocol, for instance on the basis of the Safety over EtherCAT protocol in this case.
- the reference sign 209 points to an arrow which symbolizes a data transfer from the first node 203 to the second node 205 via the Fieldbus 207 .
- the reference sign 211 points to an arrow which symbolizes a data transfer from the second node 205 to the first node 203 via the Fieldbus 207 .
- This data transfer 211 transmits both data, for instance payload data, and time values or counter values that the second node 205 has determined as already explained in this description.
- the second node 205 has a dual-channel design. This means that the second node 205 comprises two processors 213 , 215 , which can be designed as microprocessors or microcontrollers, for instance.
- the second node 205 comprises an internal timer 219 .
- the internal timer 219 is a millisecond timer, for example.
- the internal timer 219 provides a clock, for example a millisecond clock, on the basis of which a counter is incremented or decremented.
- the counter value at each time point is sent via the Fieldbus 207 to the first node 203 in accordance with the data transfer 211 .
- This uses a safety protocol 221 , which in this case is the Safety over EtherCAT protocol, for example. It is preferably provided to delay determining the relevant counter value until a defined time interval from the time of the data transfer or message transmission 211 .
- a counter value that is as recent as possible is thus advantageously used for sending to the first node 203 .
- the first node 203 receives these counter values in succession and determines in response to each receipt a counter value of an internal counter of the first node 203 , which internal counter is incremented or decremented on the basis of a further internal timer of the first node 203 .
- This further internal timer of the first node 203 is intended to provide a clock that is the same as, or proportional to, the internal timer 219 of the second node 205 . Thus this means that there is meant to be at least a defined relationship between the respective clocks.
- a processor 223 of the first node 203 forms respective differences for the respective time values or counter values, and compares said differences with each other. Should the differences have a disparity that is greater than a defined threshold value, then the processor 223 and hence also the node 203 goes into an error state.
- the first node 203 has a single-channel design in that it has a single processor 223 , although this processor can certainly have a plurality of cores in embodiments that are generally independent of this specific exemplary embodiment.
- FIG. 3 shows a node 301 for a communications network.
- the node 301 is an embodiment of a second node for the communications network.
- such a node 301 comprises a communications interface 303 , an internal timer 305 and a processor 307 .
- the internal timer 305 provides a clock.
- the processor 307 is designed to determine a time value on the basis of the internal timer.
- the communications interface 303 is designed to send via the communications network time values, which are determined by the processor 307 at two consecutive time points, to a further node, for example to the first node of the communications network, for instance the node 203 as shown in FIG. 2 .
- FIG. 4 shows a further node 401 for a communications network.
- the node 401 shown in FIG. 4 is a first node in the sense of this description.
- the node 401 is the node 203 shown in FIG. 2 .
- such a node 401 has the following design. It comprises a communications interface 403 , which can be referred to as a further communications interface to make a distinction from the communications interface of the second node 301 shown in FIG. 3 .
- the node 401 also comprises an internal timer 405 , which can likewise be referred to as a further internal timer to make said internal timer more easily distinguishable from the internal timer 305 of the node 301 .
- the node 401 also comprises a processor 407 , which can be referred to likewise as a further processor to make a distinction from the processor 307 .
- the further communications interface 403 is designed to receive time values from a further node, for example from the node 301 , via the communications network.
- the processor 407 is designed to determine, in response to each receipt of the time values, a further time value, which is based on the internal timer 405 , and to compare a difference between the two received time values with a difference between the two further time values.
- the node 401 in particular the processor 407 , is designed to go into an error state depending on the comparison.
- the invention includes in particular the idea of providing a method that can be used to monitor a single-channel safe system (first node) by transmitting timer values (time values or counter values) from a dual-channel safe system (second node).
- a safety protocol in this case FSoE, Safety over EtherCAT
- FSoE PC-based safety runtime component
- second node safety-oriented device
- a Fieldbus preferably also Ethernet-based is used for communication between these devices.
- Data is transferred cyclically between the two devices by means of the safety protocol.
- a timer value is additionally transmitted in the channel from the safety device to the single-channel device. This timer value is generated by the safety device, which has a dual-channel design.
- the PC-based safety runtime component has its own timer, which is compared with the transmitted timer value. If this CPU establishes that the timer values are diverging inadmissibly, the CPU goes into an error state.
- This comparison of the timer values is needed to ensure that the timer of the single-channel system does not slow down or speed up inadmissibly and thereby prevent the safety-oriented application, which is executed in said system, from being able to execute correctly. This is particularly important for the timing characteristics of switch-on and/or switch-off delays, which are often used in safety-oriented applications.
- the timer generation function is activated, for example, by the definition of the process image of the safety device.
- the timer is generated by a high-priority timer task on one of the two ⁇ C (microcontrollers) of the second node.
- the two microcontrollers monitor each other, with the result that any malfunction in the hardware and/or software is detected (SIL3).
- the determined timer value is packaged into the safety protocol and transmitted to the single-channel system (first node) in the next FSoE communication cycle.
- Timer generation preferably still continues even in the event of a module error in the safety device.
- a safety protocol for instance in this case FSoE (IEC61784-3-12), which is SIL3-certified, is used for the transmission.
- this invention describes a timer value (from the second node), which can be provided at SIL3 quality to a single-channel safe system (first node).
Abstract
Description
-
- determining in the dual-channel second node at each of two consecutive time points a time value (211), which is based on an internal timer of the dual-channel second node (205, 301), and the dual-channel second node sending each determined time value to the single-channel first node via the communications network (207),
- the single-channel first node receiving the sent time value and determining in response to the receipt a further time value (211), which is based on a further internal timer of the single-channel first node, with the result that two further time values are present in the single-channel first node,
- the single-channel first node comparing a difference between the two time values from the dual-channel second node with a difference between the two further time values from the single-channel first node (203, 401), wherein the single-channel first node goes into an error state depending on the comparison.
-
- wherein a second node of the communications network determines at each of two consecutive time points a time value, which is based on an internal timer of the second node, and sends each determined time value to the first node via the communications network,
- wherein the first node, in response to each receipt of the sent time values, determines a further time value, which is based on a further internal timer of the first node,
- wherein the first node compares a difference between the two time values from the second node with a difference between the two further time values from the first node,
- wherein the first node goes into an error state depending on the comparison.
-
- a first node for the communications network and a second node for the communications network,
- wherein the second node comprises an internal timer, at least one processor, which is designed to determine a time value on the basis of the internal timer, and a communications interface, which is designed to send time values, which are determined by the at least one processor at two consecutive time points, to the first node via the communications network,
- wherein the first node comprises a further internal timer and a further communications interface, which is designed to receive the time values from the second node via the communications network,
- wherein the first node comprises a further processor, which is designed to determine, in response to each receipt of the sent time values from the second node, a further time value, which is based on the further internal timer, and to compare a difference between the two time values from the second node with a difference between the two further time values from the first node,
- wherein the first node is designed to go into an error state depending on the comparison.
-
- an internal timer,
- at least one processor, which is designed to determine a time value on the basis of the internal timer, and
- a communications interface, which is designed to send time values, which are determined by the at least one processor at two consecutive time points, to a further node via the communications network.
-
- an internal timer,
- a communications interface, which is designed to receive time values from a further node via the communications network, and
- a processor, which is designed to determine, in response to each receipt of the time values, a further time value, which is based on the internal timer, and to compare a difference between the two successively received time values with a difference between the two successively determined further time values,
- wherein the node is designed to go into an error state depending on the comparison.
Claims (13)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102014114883.5 | 2014-10-14 | ||
DE102014114883.5A DE102014114883A1 (en) | 2014-10-14 | 2014-10-14 | Method and system for monitoring a first subscriber of a communication network |
PCT/EP2015/073758 WO2016059100A1 (en) | 2014-10-14 | 2015-10-14 | Method for monitoring a first participant in a communication network, and monitoring system |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2015/073758 Continuation WO2016059100A1 (en) | 2014-10-14 | 2015-10-14 | Method for monitoring a first participant in a communication network, and monitoring system |
Publications (2)
Publication Number | Publication Date |
---|---|
US20160218946A1 US20160218946A1 (en) | 2016-07-28 |
US10924371B2 true US10924371B2 (en) | 2021-02-16 |
Family
ID=54329522
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/088,299 Active 2035-12-02 US10924371B2 (en) | 2014-10-14 | 2016-04-01 | Method for monitoring a first node in a communications network and monitoring system |
Country Status (5)
Country | Link |
---|---|
US (1) | US10924371B2 (en) |
EP (1) | EP3042472B1 (en) |
CN (1) | CN105900360B (en) |
DE (1) | DE102014114883A1 (en) |
WO (1) | WO2016059100A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102017123911A1 (en) * | 2017-10-13 | 2019-04-18 | Phoenix Contact Gmbh & Co. Kg | Method and apparatus for monitoring the response time of a security function provided by a security system |
US11051230B2 (en) | 2018-08-22 | 2021-06-29 | Bae Systems Information And Electronic Systems Integration Inc. | Wireless resilient routing reconfiguration linear program |
WO2020049698A1 (en) * | 2018-09-06 | 2020-03-12 | 三菱電機株式会社 | Communication system, communication device, method, and program |
CN111311911B (en) * | 2020-02-24 | 2022-02-18 | 武汉中科通达高新技术股份有限公司 | Data management method and device for electronic police system and electronic equipment |
Citations (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4805107A (en) * | 1987-04-15 | 1989-02-14 | Allied-Signal Inc. | Task scheduler for a fault tolerant multiple node processing system |
US5477458A (en) * | 1994-01-03 | 1995-12-19 | Trimble Navigation Limited | Network for carrier phase differential GPS corrections |
US6449291B1 (en) * | 1998-11-24 | 2002-09-10 | 3Com Corporation | Method and apparatus for time synchronization in a communication system |
CN1373949A (en) | 1999-09-13 | 2002-10-09 | 西门子公司 | Arrangement for synchronizing communication system components coupled via communication network |
US20040088406A1 (en) * | 2002-10-31 | 2004-05-06 | International Business Machines Corporation | Method and apparatus for determining time varying thresholds for monitored metrics |
DE10361178A1 (en) | 2003-01-31 | 2004-12-02 | Rockwell Automation Technologies, Inc., Mayfield Heights | Data aging monitoring device for security networks |
US6829717B1 (en) * | 2000-08-24 | 2004-12-07 | Nortel Networks Limited | Method and apparatus for generating timing information |
US20050232151A1 (en) * | 2004-04-19 | 2005-10-20 | Insors Integrated Communications | Network communications bandwidth control |
WO2008053039A1 (en) | 2006-11-03 | 2008-05-08 | Robert Bosch Gmbh | Device and method for manipulating communication messages |
US20080150713A1 (en) * | 2006-11-15 | 2008-06-26 | Phoenix Contact Gmbh & Co. Kg | Method and system for secure data transmission |
US20090161806A1 (en) * | 2007-12-19 | 2009-06-25 | Apple Inc. | Microcontroller clock calibration using data transmission from an accurate third party |
DE102008007672A1 (en) | 2008-01-25 | 2009-07-30 | Pilz Gmbh & Co. Kg | Method and device for transmitting data in a network |
US20120023277A1 (en) * | 2010-07-16 | 2012-01-26 | Siemens Aktiengesellschaft | Method for Operating an Automation Device |
US20120089861A1 (en) * | 2010-10-12 | 2012-04-12 | International Business Machines Corporation | Inter-processor failure detection and recovery |
US20130034197A1 (en) * | 2011-08-05 | 2013-02-07 | Khalifa University of Science, Technology, and Research | Method and system for frequency synchronization |
US20130111087A1 (en) * | 2011-10-27 | 2013-05-02 | Bernecker + Rainer Industrie-Elektronik Ges.M.B.H. | Method and a bus device for transmitting safety-oriented data |
US20130158681A1 (en) * | 2011-12-14 | 2013-06-20 | Siemens Aktiengesellschaft | Safety-Oriented Controller in Combination with Cloud Computing |
WO2013094072A1 (en) | 2011-12-22 | 2013-06-27 | トヨタ自動車 株式会社 | Communication system and communication method |
US20130195439A1 (en) * | 2012-01-30 | 2013-08-01 | Christophe Mangin | Transparent protection switching operation in a pon |
US20130254443A1 (en) * | 2012-03-06 | 2013-09-26 | Softing Ag | Method For Determining The Topology Of A Serial Asynchronous Databus |
US8549136B2 (en) * | 2007-10-22 | 2013-10-01 | Phoenix Contact Gmbh & Co. Kg | System for operating at least one non-safety-critical and at least one safety-critical process |
EP2646100A1 (en) | 2010-12-06 | 2013-10-09 | Poly Medicure Limited | Intravenous catheter apparatus |
US20130266306A1 (en) * | 2011-02-08 | 2013-10-10 | Mitsubishi Electric Corporation | Time synchronization method for communication system, slave station apparatus, master station apparatus, control device, and program |
CN103618383A (en) | 2013-11-28 | 2014-03-05 | 国家电网公司 | Power distribution network monitoring and management system |
DE102012023748A1 (en) | 2012-12-04 | 2014-06-05 | Valeo Schalter Und Sensoren Gmbh | Method for synchronizing sensors on a data bus |
WO2014090612A1 (en) | 2012-12-14 | 2014-06-19 | Continental Automotive Gmbh | Synchronization of data packets in a data communication system of a vehicle |
US20140372840A1 (en) * | 2013-06-14 | 2014-12-18 | Siemens Aktiengesellschaft | Method and System for Detecting Errors in the Transfer of Data from a Transmitter to At Least One Receiver |
US20150071309A1 (en) * | 2013-09-11 | 2015-03-12 | Khalifa University of Science , Technology, and Research | Method and devices for frequency distribution |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102523136A (en) * | 2011-12-22 | 2012-06-27 | 东南大学 | Wireless sensor network data link layer protocol test method and system |
DE102012205445A1 (en) | 2012-04-03 | 2013-10-10 | Siemens Aktiengesellschaft | automation equipment |
-
2014
- 2014-10-14 DE DE102014114883.5A patent/DE102014114883A1/en not_active Withdrawn
-
2015
- 2015-10-14 CN CN201580004141.3A patent/CN105900360B/en active Active
- 2015-10-14 WO PCT/EP2015/073758 patent/WO2016059100A1/en active Application Filing
- 2015-10-14 EP EP15781338.7A patent/EP3042472B1/en active Active
-
2016
- 2016-04-01 US US15/088,299 patent/US10924371B2/en active Active
Patent Citations (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4805107A (en) * | 1987-04-15 | 1989-02-14 | Allied-Signal Inc. | Task scheduler for a fault tolerant multiple node processing system |
US5477458A (en) * | 1994-01-03 | 1995-12-19 | Trimble Navigation Limited | Network for carrier phase differential GPS corrections |
US6449291B1 (en) * | 1998-11-24 | 2002-09-10 | 3Com Corporation | Method and apparatus for time synchronization in a communication system |
CN1373949A (en) | 1999-09-13 | 2002-10-09 | 西门子公司 | Arrangement for synchronizing communication system components coupled via communication network |
US6829717B1 (en) * | 2000-08-24 | 2004-12-07 | Nortel Networks Limited | Method and apparatus for generating timing information |
US20040088406A1 (en) * | 2002-10-31 | 2004-05-06 | International Business Machines Corporation | Method and apparatus for determining time varying thresholds for monitored metrics |
DE10361178A1 (en) | 2003-01-31 | 2004-12-02 | Rockwell Automation Technologies, Inc., Mayfield Heights | Data aging monitoring device for security networks |
US20050232151A1 (en) * | 2004-04-19 | 2005-10-20 | Insors Integrated Communications | Network communications bandwidth control |
WO2008053039A1 (en) | 2006-11-03 | 2008-05-08 | Robert Bosch Gmbh | Device and method for manipulating communication messages |
US20080150713A1 (en) * | 2006-11-15 | 2008-06-26 | Phoenix Contact Gmbh & Co. Kg | Method and system for secure data transmission |
US8549136B2 (en) * | 2007-10-22 | 2013-10-01 | Phoenix Contact Gmbh & Co. Kg | System for operating at least one non-safety-critical and at least one safety-critical process |
US20090161806A1 (en) * | 2007-12-19 | 2009-06-25 | Apple Inc. | Microcontroller clock calibration using data transmission from an accurate third party |
CN101960755A (en) | 2008-01-25 | 2011-01-26 | 皮尔茨公司 | Method and device for transmitting data in a network |
DE102008007672A1 (en) | 2008-01-25 | 2009-07-30 | Pilz Gmbh & Co. Kg | Method and device for transmitting data in a network |
US20120023277A1 (en) * | 2010-07-16 | 2012-01-26 | Siemens Aktiengesellschaft | Method for Operating an Automation Device |
US20120089861A1 (en) * | 2010-10-12 | 2012-04-12 | International Business Machines Corporation | Inter-processor failure detection and recovery |
EP2646100A1 (en) | 2010-12-06 | 2013-10-09 | Poly Medicure Limited | Intravenous catheter apparatus |
US20130266306A1 (en) * | 2011-02-08 | 2013-10-10 | Mitsubishi Electric Corporation | Time synchronization method for communication system, slave station apparatus, master station apparatus, control device, and program |
US20130034197A1 (en) * | 2011-08-05 | 2013-02-07 | Khalifa University of Science, Technology, and Research | Method and system for frequency synchronization |
US20130111087A1 (en) * | 2011-10-27 | 2013-05-02 | Bernecker + Rainer Industrie-Elektronik Ges.M.B.H. | Method and a bus device for transmitting safety-oriented data |
US20130158681A1 (en) * | 2011-12-14 | 2013-06-20 | Siemens Aktiengesellschaft | Safety-Oriented Controller in Combination with Cloud Computing |
WO2013094072A1 (en) | 2011-12-22 | 2013-06-27 | トヨタ自動車 株式会社 | Communication system and communication method |
EP2797263A1 (en) | 2011-12-22 | 2014-10-29 | Toyota Jidosha Kabushiki Kaisha | Communication system and communication method |
US20130195439A1 (en) * | 2012-01-30 | 2013-08-01 | Christophe Mangin | Transparent protection switching operation in a pon |
US20130254443A1 (en) * | 2012-03-06 | 2013-09-26 | Softing Ag | Method For Determining The Topology Of A Serial Asynchronous Databus |
DE102012023748A1 (en) | 2012-12-04 | 2014-06-05 | Valeo Schalter Und Sensoren Gmbh | Method for synchronizing sensors on a data bus |
WO2014090612A1 (en) | 2012-12-14 | 2014-06-19 | Continental Automotive Gmbh | Synchronization of data packets in a data communication system of a vehicle |
US20140372840A1 (en) * | 2013-06-14 | 2014-12-18 | Siemens Aktiengesellschaft | Method and System for Detecting Errors in the Transfer of Data from a Transmitter to At Least One Receiver |
US20150071309A1 (en) * | 2013-09-11 | 2015-03-12 | Khalifa University of Science , Technology, and Research | Method and devices for frequency distribution |
CN103618383A (en) | 2013-11-28 | 2014-03-05 | 国家电网公司 | Power distribution network monitoring and management system |
Non-Patent Citations (1)
Title |
---|
English Translation of Chinese Search Report for Chinese Patent Application No. 201580004141.3, dated Aug. 16, 2017 (2 pages). |
Also Published As
Publication number | Publication date |
---|---|
CN105900360A (en) | 2016-08-24 |
DE102014114883A1 (en) | 2016-04-14 |
EP3042472B1 (en) | 2017-05-31 |
US20160218946A1 (en) | 2016-07-28 |
WO2016059100A1 (en) | 2016-04-21 |
CN105900360B (en) | 2018-04-06 |
EP3042472A1 (en) | 2016-07-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8369966B2 (en) | Controller network and method for transmitting data in a controller network | |
US10924371B2 (en) | Method for monitoring a first node in a communications network and monitoring system | |
US10061345B2 (en) | Apparatus and method for controlling an automated installation | |
US9891142B2 (en) | Time-stamping and synchronization for single-wire safety communication | |
US7280565B2 (en) | Synchronous clocked communication system with decentralized input/output modules and method for linking decentralized input/output modules into such a system | |
EP2137892B1 (en) | Node of a distributed communication system, and corresponding communication system | |
RU2665890C2 (en) | Data management and transmission system, gateway module, input/output module and process control method | |
Fredriksson | CAN for critical embedded automotive networks | |
JP5444207B2 (en) | Method and system for secure transmission of processing data to be cyclically transmitted | |
EP3719596B1 (en) | Control device and control method | |
KR101519719B1 (en) | Message process method of gateway | |
EP3979527A1 (en) | System and method of network synchronized time in safety applications | |
US20180373213A1 (en) | Fieldbus coupler and system method for configuring a failsafe module | |
CN100498607C (en) | Data transfer method and automation system used in said data transfer method | |
CN108293014B (en) | Communication network, method for operating the same and participants in the communication network | |
EP3594769A1 (en) | Control device and control method | |
US10986556B2 (en) | Circuit for monitoring a data processing system | |
JP5490112B2 (en) | Monitoring system | |
JP6587566B2 (en) | Semiconductor device | |
Elia et al. | Analysis of Ethernet-based safe automation networks according to IEC 61508 | |
Bertoluzzo et al. | Application protocols for safety-critical CAN-networked systems | |
US20240007773A1 (en) | Safety Communication Method, Communication Apparatus, Safety Communication System and Control System | |
Kanamaru et al. | Safety field network technology and its implementation | |
EP4149028A1 (en) | Synchronization for backplane communication | |
Silva et al. | Assessment of multi-bus fault-tolerant communications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: BECKHOFF AUTOMATION GMBH & CO. KG, GERMANY Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ELLERBROCK, OLIVER;SACHS, JENS;ZUTZ, ROBERT;SIGNING DATES FROM 20160406 TO 20160408;REEL/FRAME:038252/0108 |
|
AS | Assignment |
Owner name: BECKHOFF AUTOMATION GMBH, GERMANY Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE NAME OF THE ASSIGNEE PREVIOUSLY RECORDED ON REEL 038252 FRAME 108. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNORS:ELLERBROCK, OLIVER;SACHS, JENS;ZUTZ, ROBERT;REEL/FRAME:039502/0457 Effective date: 20160719 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: ADVISORY ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
AS | Assignment |
Owner name: BECKHOFF AUTOMATION GMBH, GERMANY Free format text: CHANGE OF ASSIGNEE ADDRESS;ASSIGNOR:BECKHOFF AUTOMATION GMBH;REEL/FRAME:051057/0632 Effective date: 20191108 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |